APT28: At the Center of the Storm

On Jan. 6, 2017, the U.S. Director of National Intelligence released its Intelligence Community Assessment: Assessing Russian Activities and Intentions in Recent US Elections. Still, questions persist about Russian involvement. Did the Russian government direct the group responsible for the breaches and related data leaks? If so, is this simply a matter of accepted state espionage, or did it cross a line? Was the breach at the Democratic National Committee part of a concerted effort by the Russian government to interfere with the U.S. presidential election?

The most consequential question remains unasked: How will Russia continue to employ a variety of methods – including hacks and leaks – to undermine the institutions, policies and actors that the Russian government perceives as constricting and condemning its forceful pursuit of its state aims?

FireEye’s visibility into the operations of APT28 – a group we believe the Russian government sponsors – has given us insight into some of the government’s targets, as well as its objectives and the activities designed to further them.

We have tracked and profiled this group through multiple investigations, endpoint and network detections, and continuous monitoring. Our visibility into APT28’s operations, which date to at least 2007, has allowed us to understand the group’s malware, operational changes and motivations. This intelligence has been critical to protecting and informing our clients, exposing this threat and strengthening our confidence in attributing APT28 to the Russian government.